From b51573ebaf4198e70813313ee4fe3bdff967790e Mon Sep 17 00:00:00 2001
From: Sergei Maertens <sergei@maykinmedia.nl>
Date: Fri, 17 May 2024 14:15:07 +0200
Subject: [PATCH] :package: Set up verified publisher python publication job

---
 .github/workflows/ci.yml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1028067..a712cec 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -58,6 +58,9 @@ jobs:
     name: Publish package to PyPI
     runs-on: ubuntu-latest
     needs: tests
+    environment: release
+    permissions:
+      id-token: write
 
     if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
 
@@ -71,8 +74,6 @@ jobs:
         run: |
           pip install pip setuptools wheel --upgrade
           python setup.py sdist bdist_wheel
+
       - name: Publish a Python distribution to PyPI
-        uses: pypa/gh-action-pypi-publish@v1.4.1
-        with:
-          user: __token__
-          password: ${{ secrets.PYPI_TOKEN }}
+        uses: pypa/gh-action-pypi-publish@release/v1